Cost of Training Employees vs Hiring New: Jr Pentester Edition
In the ever-changing landscape of cybersecurity, organizations are consistently grappling with the need to protect networks and sensitive information–and that quest requires strategic decisions. One of those decisions revolves around staffing. When it comes to staffing penetration testing roles, decision-makers often find themselves at a crossroads: should they hire a Junior Pentester or invest in upskilling and retaining existing talent?
Understanding the Options
Organizations weighing their options will need to consider talent shortages and navigate the growing demand for cybersecurity professionals. With an estimated 3.4 million cybersecurity jobs projected to go unfilled, the talent deficit poses significant challenges for organizations seeking to fortify their defenses. Plus, the difference in cybersecurity salaries–particularly in tech hubs like California and New York–further complicates recruitment, leaving smaller, more remote companies at a disadvantage.
Let’s explore some of the pros and cons associated with bringing in fresh talent as opposed to upskilling and retaining an existing team.
Why hire a Junior Pentester?
Hiring a Junior Pentester certainly has its advantages. A junior pentester resume usually depicts a cybersecurity professional with 3-5 years of experience in information security - not an entry level role, as the title may suggest. A new hire in this role brings fresh perspectives to your organization while still offering extensive experience, knowledge and skills.
Additionally, Junior Pentesters have the potential to offer niche skills and expertise in specific cybersecurity concentrations, providing their teams with augmented capabilities that might otherwise be unavailable. However, the benefits of new hires should also be weighed against potential pitfalls such as recruitment expenses, cost to hire, and talent shortage challenges.
Advantages of New Hires:
Fresh perspectives.
Niche, specialized skills.
Considerations:
Recruitment and hiring expenses.
Talent shortage challenges.
Why prioritize cybersecurity employee retention through upskilling?
On the other hand, upskilling and retaining existing employees present a separate set of advantages and represent a deliberate investment in long-term talent and culture development. By empowering current team members with the skills needed for penetration testing roles, organizations will find themselves fostering loyalty, promoting career growth, and cultivating a culture of continuous learning. Investing in existing employees also eliminates the uncertainty surrounding whether new hires will fit into the organization's culture.
IT training and development initiatives also offer a cost-effective solution to talent shortages, with the cost of cybersecurity training coming in significantly lower than hiring new employees. Consider this: the average cost of training an employee is $1,252 per year, compared to the average cost to hire, which is around $4,000. Most businesses could upskill their entire IT department in cybersecurity for a fraction of the cost of hiring new employees.
However, the time and resources required for upskilling initiatives demand careful planning and commitment from organizational leadership, as well as patience while team members familiarize themselves with new skills, tools, and concepts. It’s important to note that a new employee can take up to two full years to reach the same level of productivity as an existing staff member, Bersin by Deloitte expert Josh Bersin said.
Advantages of Upskilling:
Long-term talent and culture development.
Empowering loyalty, career growth, and continuous learning.
Cost-effective solution to talent shortages.
Considerations:
Time and resources required.
Patience during skill familiarization.
Productivity timeline compared to new hires.
Choosing a Hybrid Strategy
In the ongoing quest for cybersecurity preparedness, there's no universal solution. Rather, the key lies in evaluating the unique needs and circumstances of each organization and tailoring the approach accordingly. In many cases, a hybrid strategy that combines elements of both hiring and upskilling may produce the most effective outcomes.
Balancing Hiring and Upskilling:
Combining elements for effective outcomes.
Evaluating unique needs and circumstances.
As organizations navigate the complex questions surrounding cybersecurity talent acquisition, the choice between hiring a Junior Pentester and upskilling existing talent requires a balance of potential risk and reward. While each approach presents unique advantages and challenges, the goal remains clear: to cultivate a skilled and resilient cybersecurity workforce capable of confronting emerging threats. By employing a holistic mindset—one that encompasses recruitment, training, and retention strategies—organizations can move toward cybersecurity excellence in an increasingly volatile digital landscape.
Download our whitepaper “Upskilling and Maturing Cybersecurity Teams” to learn more about how to best establish a strong defense for your cybersecurity team.
Interested in learning more about how INE can help? Connect with our team to learn firsthand how INE’s immersive cyber training can support your organization with job-ready skills in an evolving cyber landscape.
Relevant Training: